Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/PQkXJQC844XrblWqXSwmAqWUi64.roa
File: PQkXJQC844XrblWqXSwmAqWUi64.roa (raw, json)
Hash identifier: 2cLFr6U2XYR9sr+N19r2/hYJ/Yi/7BSVRT7pLcifiQg=
Subject key identifier: 3D:09:17:25:00:BC:E3:85:EB:6E:55:AA:5D:2C:26:02:A5:94:8B:AE
Certificate issuer: /CN=4b48cf146b4c73d274096d705708d24b729329f8
Certificate serial: 019E68C47974AFF0FE01D663A87C4EA1A65E
Authority key identifier: 4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/PQkXJQC844XrblWqXSwmAqWUi64.roa
Signing time: Wed 27 May 2026 09:29:27 +0000
ROA not before: Wed 27 May 2026 09:29:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 34343
IP address blocks: 85.12.56.0/24 maxlen: 24
91.148.192.0/24 maxlen: 24
91.148.224.0/22 maxlen: 24
91.148.228.0/22 maxlen: 24
91.148.236.0/22 maxlen: 24
91.148.236.0/24 maxlen: 24
91.148.237.0/24 maxlen: 24
91.148.238.0/24 maxlen: 24
91.148.239.0/24 maxlen: 24
91.148.240.0/22 maxlen: 24
91.148.244.0/22 maxlen: 24
91.148.248.0/24 maxlen: 24
91.148.249.0/24 maxlen: 24
176.124.71.0/24 maxlen: 24
185.91.29.0/24 maxlen: 24
193.138.220.0/24 maxlen: 24
193.138.221.0/24 maxlen: 24
193.138.222.0/24 maxlen: 24
193.138.223.0/24 maxlen: 24
193.138.224.0/21 maxlen: 21
195.200.84.0/24 maxlen: 24
195.200.85.0/24 maxlen: 24
2a01:788:aaaa::/48 maxlen: 48
2a01:788:aaab::/48 maxlen: 48
2a01:788:aaac::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl
rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.mft
rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 18:00:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:68:c4:79:74:af:f0:fe:01:d6:63:a8:7c:4e:a1:a6:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b48cf146b4c73d274096d705708d24b729329f8
Validity
Not Before: May 27 09:29:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3d09172500bce385eb6e55aa5d2c2602a5948bae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:67:94:3e:53:b5:16:10:87:74:7b:03:94:31:
b0:db:99:c3:de:3d:d4:95:77:6d:2b:c5:7f:6e:1d:
0e:b0:fc:32:b0:f3:df:0f:66:a4:04:46:a9:99:f7:
60:40:6c:f5:8d:61:ef:43:73:11:8b:f6:a5:55:33:
b8:83:22:e6:7b:a4:1b:71:e5:4f:c4:3d:43:e2:94:
26:f0:59:b7:f9:6e:1c:6b:ac:df:b2:cf:0c:1a:45:
85:d6:08:52:2e:1a:c4:0f:2a:3b:39:32:a8:cf:c5:
ee:13:a7:18:8f:89:71:4f:e5:7b:ba:1c:80:e7:f5:
5a:13:68:4e:25:46:07:3f:fe:29:da:36:5d:67:97:
53:2e:ff:94:33:18:e7:5c:90:c4:73:65:ab:e7:04:
d5:29:bb:9f:d4:b2:fa:30:f6:d1:1d:e3:12:7a:ff:
bd:c1:fc:9c:7e:6d:2c:da:5e:26:0f:99:6b:4d:34:
79:04:92:24:b3:bc:86:48:84:ae:fb:66:30:83:e5:
9d:14:dc:36:85:1d:82:79:0f:4a:b5:f2:de:d7:f6:
62:d7:5e:0d:89:4f:14:3e:a4:f2:18:61:2e:59:c7:
de:57:bf:4e:51:8c:25:72:5c:51:ef:4b:e7:81:0a:
f6:24:cf:82:f9:a3:98:3e:f7:8a:15:36:06:50:72:
29:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:09:17:25:00:BC:E3:85:EB:6E:55:AA:5D:2C:26:02:A5:94:8B:AE
X509v3 Authority Key Identifier:
keyid:4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/PQkXJQC844XrblWqXSwmAqWUi64.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.12.56.0/24
91.148.192.0/24
91.148.224.0/21
91.148.236.0-91.148.249.255
176.124.71.0/24
185.91.29.0/24
193.138.220.0-193.138.231.255
195.200.84.0/23
IPv6:
2a01:788:aaaa::-2a01:788:aaac:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
37:85:dc:3b:83:ea:00:e6:08:2d:38:3e:c8:7d:ee:be:7f:9f:
54:fe:c6:4c:7b:4a:94:42:5c:29:77:45:17:bb:66:b3:44:ce:
5d:44:3a:d8:46:f1:18:2d:96:ed:c0:8a:67:80:19:82:9e:a3:
d0:f9:21:ed:24:b3:ba:0d:43:38:a1:f2:83:46:70:fd:54:95:
a8:75:99:cc:ec:4b:12:3d:85:66:be:2e:02:11:fb:9d:81:15:
f9:13:e5:ae:43:96:47:8f:55:1a:22:46:6b:bb:d2:21:22:be:
88:74:2c:65:3c:8f:3f:46:fa:73:26:ec:39:59:a4:5e:17:04:
1e:ed:43:d8:52:6d:33:cb:fd:b8:78:9b:fd:57:cd:a2:40:e4:
ce:e6:48:c2:cd:d0:35:74:69:74:91:3a:b7:df:4d:23:a4:b7:
82:3a:f9:c2:3e:ad:9a:4f:94:2f:b3:07:09:76:d6:e3:55:dc:
d0:6b:5c:c9:df:72:d1:66:43:c4:41:37:dd:48:cc:ec:9e:7b:
dc:fe:b9:15:47:b1:bb:42:3a:ae:f5:e5:5f:9d:63:1a:bc:f3:
9c:70:04:b7:55:75:a7:53:e5:0c:12:a4:15:80:a3:b6:7b:8d:
ad:e9:3b:44:da:3e:d3:81:3d:cb:31:1a:d7:83:c0:d0:03:e7:
74:b6:1d:42
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAZ5oxHl0r/D+AdZjqHxOoaZeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDhjZjE0NmI0YzczZDI3NDA5NmQ3MDU3MDhkMjRiNzI5
MzI5ZjgwHhcNMjYwNTI3MDkyOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDA5MTcyNTAwYmNlMzg1ZWI2ZTU1YWE1ZDJjMjYwMmE1OTQ4YmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWeUPlO1FhCHdHsDlDGw25nD3j3U
lXdtK8V/bh0OsPwysPPfD2akBEapmfdgQGz1jWHvQ3MRi/alVTO4gyLme6QbceVP
xD1D4pQm8Fm3+W4ca6zfss8MGkWF1ghSLhrEDyo7OTKoz8XuE6cYj4lxT+V7uhyA
5/VaE2hOJUYHP/4p2jZdZ5dTLv+UMxjnXJDEc2Wr5wTVKbuf1LL6MPbRHeMSev+9
wfycfm0s2l4mD5lrTTR5BJIks7yGSISu+2Ywg+WdFNw2hR2CeQ9KtfLe1/Zi114N
iU8UPqTyGGEuWcfeV79OUYwlclxR70vngQr2JM+C+aOYPveKFTYGUHIphwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFD0JFyUAvOOF625Vql0sJgKllIuuMB8GA1UdIwQY
MBaAFEtIzxRrTHPSdAltcFcI0ktykyn4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMt
NjRhNmEwNWI5OTA1LzEvUFFrWEpRQzg0NFhyYmxXcVhTd21BcVdVaTY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMtNjRhNmEwNWI5OTA1
LzEvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBGBAIAATBAAwQAVQw4AwQA
W5TAAwQDW5TgMAwDBAJblOwDBAFblPgDBACwfEcDBAC5Wx0wDAMEAsGK3AMEA8GK
4AMEAcPIVDAaBAIAAjAUMBIDBwEqAQeIqqoDBwAqAQeIqqwwDQYJKoZIhvcNAQEL
BQADggEBADeF3DuD6gDmCC04Psh97r5/n1T+xkx7SpRCXCl3RRe7ZrNEzl1EOthG
8Rgtlu3AimeAGYKeo9D5Ie0ks7oNQzih8oNGcP1Ulah1mczsSxI9hWa+LgIR+52B
FfkT5a5DlkePVRoiRmu70iEivoh0LGU8jz9G+nMm7DlZpF4XBB7tQ9hSbTPL/bh4
m/1XzaJA5M7mSMLN0DV0aXSROrffTSOkt4I6+cI+rZpPlC+zBwl21uNV3NBrXMnf
ctFmQ8RBN91IzOyee9z+uRVHsbtCOq715V+dYxq885xwBLdVdadT5QwSpBWAo7Z7
ja3pO0TaPtOBPcsxGteDwNAD53S2HUI=
-----END CERTIFICATE-----
Generated at Thu Jun 11 23:49:20 2026 by rpki-client